<?php

/*
+--------------------------------------------------------------------------
|  NovaBoard
|  ========================================
|  By The NovaBoard team
|  Released under the Artistic License 2.0
|  http://www.novaboard.net
|  ========================================
|   friendlist.php - friendlist
*/
 
// Direct-access guard: this file is only meant to run after the NOVA_RUN
// constant has been defined (it is not defined anywhere in this file, so it
// presumably comes from the board's entry script). When the constant is
// missing, print the denial message and stop before any query below runs.
if (defined('NOVA_RUN') === false) {
	exit("<h1>ACCESS DENIED</h1>You cannot access this file directly.");
}

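// Friend list page: adds a friend, removes a friend, or renders the current
// member's friend list, depending on which POST field is present.
//
// The list is kept in `members`.`friends` as comma-separated member ids with a
// trailing comma (e.g. "3,17,42,"). $my_id and $db_prefix are set outside this
// file and are interpolated into SQL as-is.
// NOTE(review): confirm both are trusted, server-side values.
// NOTE(review): the add/delete handlers change state on a plain POST and no
// anti-CSRF token is checked in this file - confirm one is enforced upstream.
template_hook("pages/myoptions/friendlist.template.php", "start");

// !empty() keeps the original truthiness test without raising an
// "undefined index" notice when the field is absent.
$adding   = !empty($_POST['add_friend']);
$deleting = !$adding && !empty($_POST['delete_friend']);

// Accept only a plain decimal id. Escaping alone is not enough here: the value
// is stored and later re-read into an IN (...) clause, so anything other than
// digits (quotes, commas, ...) could corrupt the list or be replayed into SQL.
$friend_id = 0;
if (($adding || $deleting) && isset($_POST['friend_id']) && is_string($_POST['friend_id']) && ctype_digit($_POST['friend_id']))
	$friend_id = (int) $_POST['friend_id'];

// Load the stored list once; all three branches need it.
$query = mysql_query("SELECT `friends` FROM `{$db_prefix}members` WHERE `id`='{$my_id}'");
$row = $query ? mysql_fetch_assoc($query) : false;
$stored = ($row && isset($row['friends'])) ? $row['friends'] : '';

// Keep only all-digit entries and normalise them to unique integers, so every
// value placed into SQL below is known to be numeric. This also drops the empty
// element produced by the trailing comma and any malformed legacy entries.
$friends = array_values(array_unique(array_map('intval', array_filter(explode(',', $stored), 'ctype_digit'))));

if ($adding)
{
	// Only write when the member row was actually read (otherwise a failed
	// SELECT would overwrite the list), the id is valid, it is not the member
	// themselves, and it is not already listed.
	if ($row && $friend_id > 0 && $friend_id != $my_id && !in_array($friend_id, $friends, true))
	{
		$friends[] = $friend_id;
		$list = implode(',', $friends) . ',';
		mysql_query("UPDATE `{$db_prefix}members` SET `friends`='{$list}' WHERE `id`='{$my_id}'");
	}

	nova_redirect("index.php?page=myoptions&act=friendlist", "myoptions/friendlist");
}
elseif ($deleting)
{
	if ($row && in_array($friend_id, $friends, true))
	{
		$friends = array_diff($friends, array($friend_id));
		$list = $friends ? implode(',', $friends) . ',' : '';

		// The WHERE clause is essential: without it the UPDATE would replace
		// the friend list of every member with this member's list.
		mysql_query("UPDATE `{$db_prefix}members` SET `friends`='{$list}' WHERE `id`='{$my_id}'");
	}

	nova_redirect("index.php?page=myoptions&act=friendlist", "myoptions/friendlist");
}
else
{
	// $friends holds integers only, so the quoted list is safe to interpolate.
	// An empty list yields IN (''), which matches no member id.
	$id_list = "'" . implode("','", $friends) . "'";
	$query = mysql_query("SELECT `id`, `name` from `{$db_prefix}members` WHERE `id` IN ({$id_list})");

	// Treat a failed query like an empty result instead of passing false to
	// mysql_num_rows().
	if (!$query || !mysql_num_rows($query))
		template_hook("pages/myoptions/friendlist.template.php", 1);
	else
	{
		template_hook("pages/myoptions/friendlist.template.php", 2);

		// $friend_info keeps its original name; the per-row template section
		// presumably reads it - verify against the template file.
		while ($friend_info = mysql_fetch_array($query))
			template_hook("pages/myoptions/friendlist.template.php", 3);

		template_hook("pages/myoptions/friendlist.template.php", 4);
	}
}

template_hook("pages/myoptions/friendlist.template.php", "end");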
	
?>